In the first six months of 2016, WordPress received 4,258 DMCA takedown notices, 9 percent of which were rejected as abusive, according to the company's Transparency Report. And though those numbers are nowhere near the volume of, say, Google, the costs of those abuses are high, Sieminski says. "There's really a big chilling effect on speech, especially controversial speech, because there's a very handy tool to use to remove that type of reporting from the internet," he says. "And as a company, we have to invest in the human resources … to sift through the mountain of notices we get."

There are some more interesting quotes in there as well. Having himself featured in Corporate Counsel Magazine seems like reason enough for a Facebook post, so Paul posted a link to the story on Facebook as well, with a little blurb noting how it was "fun" to be quoted, and how such automated takedowns "happen hundreds of times a day, but make the news only occasionally."

Facebook claims that posting about automated takedowns and how they're problematic somehow violates its Community Standards. Obviously, this is a mistake (yet another one) by Facebook's autotakedown system, but it really does help highlight the point of how problematic this kind of system can be, when perfectly legitimate speech is silenced, because a bot thinks it's bad.

* Full disclosure: Automattic recently sponsored & hosted our event on copyright reform, and Paul was our main contact there for that event.

from the it's-a-real-problem dept

Earlier this week, we wrote about a major new study that revealed that a ton of DMCA takedown notices are clearly faulty, and how that shows just how messed up the DMCA's notice-and-takedown provisions are in giving tremendous incentives to send notices with absolutely no punishment for filing bogus takedowns. The legacy music industry and its supporters keep claiming that the fact that there are so few counternotices is evidence that there's almost no abuse. In fact, in the legacy music industry filing we wrote about earlier today, they even had the gall to claim that the real abuse is in the counternotices themselves.

As more and more comment filings to the Copyright Office about the DMCA process are being released, there's increasing evidence that the legacy entertainment industry's claims are, simply, full of shit. The latest is the excellent comment filed by Automattic (the folks who make Wordpress), whose Wordpress.com offering hosts over 80 million websites. The company notes that even while hosting so much content, the majority of the time the company spends dealing with DMCA notices is... dealing with the bogus ones:

We put a great deal of resources toward processing takedown notices because we take our responsibilities under the DMCA seriously. We aim to respond to all inbound takedown notices within 48 hours, exceeding the law’s requirements. But a significant portion of the resources we put towards our DMCA program are aimed at combating the shortcomings of the notice and takedown system. For example, we spend significant effort reviewing and trying to weed out overbroad and abusive DMCA takedown notices, so that our users’ speech isn’t needlessly censored. This is a real cost to us, and diverts resources from more productive uses, like improving the products and services we offer our customers.

As with the study we highlighted earlier this week, Automattic notes that a huge number of notices it receives are invalid. First, it notes that approximately 29% of notices simply aren't valid notices in that they fail to meet the criteria laid out by the DMCA for what constitutes a valid notice. Then, another 10% of notices do meet the criteria to be an official notice, but are "clearly false or mistaken." And that's based on their own review of the notices. So, approximately 40% of all DMCA takedown notices the company receives are bogus. But, contrary to what the legacy industry folks and their shills are saying, Automattic notes that very few people file counternotices, out of a fear of being sued, and they're concerned about how this leads to censorship of perfectly legal speech.

Our statistics bear this out. As discussed below with respect to Subject No. 30, our statistics show that about 10% of the notices of claimed infringement we receive are otherwise valid but are clearly false or mistaken. But we receive many fewer counter notifications than that—only about one-half of one percent of the total number of notices we receive. We think this ratio shows that the low number of counter notifications is not the result of a correspondingly low number of false and mistaken assertions of infringement, but instead results from the concern that sending a counter notification is likely to result in costly litigation, even if that litigation would ultimately turn out to hold that no infringement had occurred. The company notes that out of a batch of approximately 1,700 "valid" but bogus notices, only 113 counter notices were sent. Most people just don't bother out of fear of getting sued.

The company also highlights just how broken Section 512(f) is -- which is the section that is supposed to be used against bogus takedowns. But as we've written about in the past, it's basically a dead letter. There are almost no examples of 512(f) being used successfully against someone for sending a takedown... with the one exception being Automattic! As we wrote about, a few years ago, Automattic actually sued over egregiously bad DMCA notices and even won a case, but... it was by default, because the notice sender just ignored the lawsuit. In the other lawsuit, it could never actually find the plaintiff who sent the bogus censorious takedowns.

The company also provides a number of actual examples of bogus DMCA takedown notices to get beyond just the statistical aspect and to prove the problem is real:

A medical transcription training service that used forged customer testimonials on their website submitted a takedown for screenshots of the fake testimonials in a blog post exposing the scam.

A physician demanded removal of newspaper excerpts posted to a blog critical of the physician, by submitting a DMCA notice in which he falsely claimed to be a representative of the newspaper.

A model involved in a contract dispute with a photographer submitted a series of DMCA notices seeking removal of images of the model for which the photographer was the rights holder.

An international corporation submitted DMCA notices seeking removal of images of company documents posted by a whistleblower.

A frequent submitter of DMCA notices submitted a DMCA notice seeking removal of a screenshot of an online discussion criticizing him for submitting overreaching DMCA notices.

As the company notes, each of these were clearly bogus, but since 512(f) is basically useless, it would be a complete waste of time to sue over them.

It's good to see companies sharing this kind of information, and it tracks closely with what the study from earlier this week said, which was based on a different corpus of data. So, yeah, when the legacy guys claim there's no abuse, they're simply full of shit.

from the step-up dept

Late last year, we told you about a worrisome effort by the European Commission to saddle the internet with unnecessary regulations. They had released an online "consultation" which was ostensibly part of the effort to create a "Digital Single Market" (a good idea in the world of a borderless internet), but which appears to have been hijacked by some bureaucrats who saw it as an opportunity to attack big, successful internet companies and saddle them with extra regulations. It's pretty clear from the statements and the questions that the Commission is very much focused on somehow attacking Google and Facebook (and we won't even get into the fact that the people who are looking to regulate the internet couldn't even program a working online survey form properly). However, as we noted, Google and Facebook are big enough that they can handle the hurdles the EU seems intent on putting on them: it's the startups and smaller tech firms that cannot. The end result, then, would actually be to entrench the more dominant players.

We helped created a "survival guide" for those who wished to fill out the (long, arduous) survey, and many of you did. As a follow up to that, via our think tank, the Copia Institute, we've now spearheaded a followup effort, which we've put up on the Don't Wreck The Net site. It's a letter to the EU Commission, signed by a number of internet companies and investors who care deeply about keeping the internet open and competitive. You can see the letter on that site, and it has already been signed by investors such as Union Square Ventures and Homebrew and a bunch of great internet companies, including Reddit, Medium, DuckDuckGo, Patreon, Automattic (Wordpress), Yelp, CloudFlare, Shapeways and more.

Before sending it on to the EU, however, we'd love to get more companies, entrepreneurs, technologists, investors and more signed on. So if you go to the Don't Wreck The Net site, not only can you see the letter we're sending, but also the ability to sign on. If you're signing on as yourself, that's easy. If you're signing on on behalf of your organization, then we'll need to reach back out to you to obtain proof that you have the ability to sign on behalf of that organization. No matter what, please look it over and consider signing on, as it's important for the EU to recognize the consequences of what regulations they may place on the internet for the wider tech and startup ecosystem.

from the platforms-shouldn't-just-be-takedown-remailers dept

Automattic, the company behind blogging platform Wordpress, continues to prove that just because the issuing of DMCA takedown notices has largely been handed over to automated processes, the response doesn't need to be similarly robotic.

Its latest transparency report shows it has rejected 43% of the DMCA notices it has received as either incomplete or abusive. Contrast this to almost any other platform where the initial response is to take down content/links first and work backwards from there. (Contrast this further to services like YouTube and Soundcloud, where content is subjected to automated pre-screening that seems to result in just as many illegitimate "removals.")

Automattic's DMCA process is anything but.

We carefully review each notice to ensure it’s formally complete, and includes all information required by the DMCA, before taking action. Notices that don’t meet the requirements of the statute are included in ‘notices rejected as incomplete.’

We also may decline to remove content if a notice is abusive. “Abusive” notices may be formally complete, but are directed at fair use of content, material that isn’t copyrightable, or content the complaining party misrepresents ownership of a copyright.

So, there's at least one major platform that has its users' backs -- something it has taken as far as the filing of lawsuits against serial abusers. And it's one of the few that will actually try to determine whether or not the usage of the disputed content falls under fair use. Automattic seems to have learned from its past mistakes, and now it's attempting to hold rightsholders and their representatives to the same standard it applies to itself. If content is going to be removed, the person(s) making these demands need to hold up their end of the bargain.

DMCA abuse isn't likely to stop anytime soon. The process to issue notices continues to become more streamlined, which puts even more non-infringing content at risk. On top of that, the automated processes used to compile lists of "infringing" URLs continues to be error-prone. This wouldn't be an issue if the companies providing these services to rightsholders spent a little (or any) time giving the notices a once-over before sending them out. The failure to do so not only has the potential to remove non-infringing content, but also to screw the same people they're supposed to be protecting -- not just in terms of reputation, but also financially.

A brief perusal of DMCA notices issued to Google finds multiple examples of non-infringing content being targeted by flaky automated processes. It also shows rightsholders are being billed for largely useless takedown requests filled with URLs covered in previous requests by the same company.

This recent request by IFPI Latin America contains 237 URLs --- 236 of which were already delisted in response to earlier requests.

This is far from uncommon and pretty much amounts to double billing. Even in cases where rightsholders pay a monthly or yearly fee rather than per DMCA takedown, it's still wasted money. While it's obviously easier to let machines do the work and humans to collect the paychecks, nothing about an automated copyright takedown notice process contributes anything towards healthier respect for the idea itself, or the creations protected by it.

Automattic, on the other hand, will continue to gather respect from its users and potential customers around the world simply by refusing to lay out a WELCOME mat for our new DMCA robot overlords.

from the if-single-bullet-misses,-deploy-uranium-enriched-warhead dept

Last week, a Turkish court ordered an access ban on a single post in the vast sea of more than 60 million individual blogs on WordPress. But for many users, that meant their Internet service providers blocked WordPress entirely.

A lawyer and Turkish Pirate Party member tracked down the root of the sudden ban on all of Wordpress: a court order seeking to block a single blog post written by a professor accusing another professor of plagiarism. This post apparently led to several defamation lawsuits and the lawsuits led to a court order basically saying that if blocking the single post proved too difficult, fuck it, block the entire domain.

It is the second sentence in the order, however, that caused the complete ban of WordPress in the country. “If the access to the single page cannot be possible due to technical reasons,” it reads, “block access to wordpress.com.”

According to the Daily Dot's Efe Kereme Sozeri, this tactic has often been deployed by Turkish government censors when outsmarted by the internet. If the targeted URL proves difficult to block, court orders demand ISPs block entire domains as Plan B.

This is Turkey's inelegant "solution" to a problem it shouldn't be trying to solve. Sozeri points out that its domain blocking efforts have, somewhat oddly, made oft-affected US tech companies much more responsive to its censorious demands.

The reason that Turkey had to request Google, Facebook, and Twitter to remove content is because they use SSL certificates, which secures users’ communication with their servers. (SSL certificates are what allow the implementation of HTTPS.) They’re technically quite difficult to intercept, but these companies still bow down to Turkey’s requests. Why? Because Erdoğan has completely banned access to their domains time and again when they failed to comply.

In order to continue doing business in Turkey, these companies have acquiesced to multiple censorship requests. Sozeri also has more bad news: Turkey's ISPs are commonly blocking domains at the DNS level, providing for more complete censorship while bypassing the targeted entity's participation in government censorship.

This incident also serves as an example of why targeted censorship so often fails. In most cases, those asking for content to be blocked are largely unconcerned about collateral damage -- whether it's rights holders trying to "protect" their intellectual property or governments seeking to control the content accessible to their citizens. And because they don't care who else is harmed, they'll push for the most "effective" form of censorship: deploying a nuclear weapon to kill a single person, to mix metaphors. And because the only good censorship target is a dead censorship target, they're not above using everything from overly-broad blocking orders to man-in-the-middle attacks to achieve their aims.

from the it's-a-start dept

Back in the summer of 2013, we wrote about yet another case of someone abusing the DMCA to censor content, rather than for any legitimate copyright purpose. The story was quite ridiculous, involving a group in the UK, called "Straight Pride UK." The group did an interview with a student named Oliver Hotham, who had emailed the group, noting he was a journalist with a list of questions. The guy behind "Straight Pride UK," Nick Steiner, responded to the questions with a document, which the group labeled as a "press release." Hotham posted his article, which, quite reasonably, made Straight Pride UK look ridiculous. In response, the group issued a DMCA takedown notice to Automattic, the company behind Wordpress.com, and the host of the article.

A couple months later, the legal team at Automattic decided it had had enough of these kinds of bogus takedowns and filed two lawsuits concerning bogus takedowns, including Nick Steiner's. As we've noted for years, the DMCA does have section 512(f) which allows for some punishment for bogus DMCA takedowns, but in practice, 512(f) has been almost entirely neutered by the courts. Yet here were cases of clear abuse.

So it's good to see that the court in the Hotham/Automattic/Steiner case has now ruled for Wordpress and awarded $25,084.00. Unfortunately, Steiner has more or less ignored the entire case, so it is really a default judgment. And, assuming Steiner never comes to the US, it may not ever truly impact him, and it's doubtful that he'll pay up. Still, at the very least, it's nice to see some sort of victory against bogus DMCA takedowns, given that it is so rare.

from the good-to-see dept

We've written in the past about the EFF's Who Has Your Back rankings, in which it looks at various internet companies to see who protects your privacy against governments and lawsuits. Now, the EFF has come out with an offshoot chart, looking at who has your back when it comes to bogus copyright and trademark demands. The only two companies that get a perfect score are Automattic/WordPress and NameCheap, as you can see on the full chart. The worst, somewhat surprisingly, is Tumblr, which scored a big fat zero out of the five listed items.

Automattic's Wordpress.com and NameCheap were the only two companies to receive five out of five stars. However, two other companies were recognized for going the extra mile: Etsy, for providing educational guides, and Twitter, for publishing regular and thorough transparency reports. Overall, 10 companies did not publish adequate transparency reports, highlighting an information black hole for consumers. Additionally, four companies missed a star for their counter-notice practices—a critical procedure for restoring content that may have been taken down without cause.

Twitter lost a point for not documenting the counternotice process. Etsy lost a point for failing to have a transparency report (something I'm guessing the company will do before too long). Facebook also doesn't have a transparency report -- though it does have one for government requests, so hopefully it will expand that to copyright and trademark takedown requests as well. YouTube lost points for not requiring a DMCA notice (thank you ContentID) before taking down content. Imgur also doesn't require a DMCA notice (which surprised me).

The EFF's original "Who Has Your Back" effort really did help shame many companies into upping their game in protecting the privacy of users from government requests. Hopefully this new one will do the same for copyright and trademark takedowns.

from the it's-a-widespread-problem dept

It's a sign of the times that online companies’ transparency reports are starting to include a new section: the Hall of Shame. Automattic, the company behind WordPress, is the latest to do so, highlighting examples of copyright and trademark overreach by prominent figures like Janet Jackson, as well as more local businesses, organizations, and individuals attempting to silence criticism and other noninfringing speech. It even highlighted one example we've written about—and even dedicated a short video to—in which a baked goods company misused trademark to go after bloggers talking about derby pie, a common regional dessert in the Southern U.S. And WordPress is only the latest company to name-and-shame takedown abusers—the Wikimedia Foundation made a major splash last month when it highlighted the copyright saga behind a notorious monkey selfie.

We've kept up a Takedown Hall of Shame of our own for years. But these cases of egregious abuse tell only part of the story, and transparency reports also help call attention to a more subtle issue: a large percentage of takedown requests that do not result in content removal. That is to say, services routinely receive large numbers of bogus takedown demands.

There's a real trend here. According to the latest numbers, Twitter does not comply with nearly 1 in 4 takedown notices it receives; Wikimedia complies with less than half; and WordPress complies with less than two-thirds. Each organization explains in its report that the notices with which they don't comply are either incomplete or abusive.

When companies choose not to take down content because the notice is abusive, that's a way of standing with their users, and it's a significant decision. The bargain in the DMCA is straightforward: as long as services comply with takedown notices that meet the statutory requirements, they're granted a "safe harbor" from any legal liability for copyright infringement that might otherwise arise from their hosting of user content. This had led some companies to take the short-sighted approach of removing all content for which they receive a takedown request, even if the request is defective or the content is obviously non-infringing. Since the law was enacted a decade and a half ago, some people have used the takedown mechanism as a censorship tool—sending careless or fraudulent notices in an attempt to silence lawful speech, and hoping that online services will comply just to stay in that safe harbor. And although the DMCA includes a mechanism to punish certain fraudulent takedown requests, the provision has proven difficult to enforce.

In other words, there's a lopsided legal incentive that frequently results in services taking down non-infringing speech. The companies that stand up to bogus requests deserve kudos for doing so, and transparency reports are a good place to highlight that user-friendly behavior while also providing data about how often people are trying to abuse the DMCA.

The data from the transparency reports also supports the common understanding that users send counter-notices in only a relatively tiny number of cases. For example, Automattic reports that it got only 44 counter-notices for the 3,630 takedown notices that it received. After a short waiting period, a company can restore content for which it has received a valid counter-notice without losing its safe harbor protection. This is an important way for users to restore their non-infringing speech to public view.

Supporters of the status quo argue that the low rate of counter-notice means that most notices legitimately target infringement. But that suggestion doesn't take into account how confusing and difficult the counter-notice process can be, and the fact that many users are intimidated by the requirement that they agree to be sued in federal court in case the rightsholder wants to claim copyright infringement (even though this is already true for users who are subject to the jurisdiction of U.S. federal courts). Users also fear the massively disproportionate statutory damages available to copyright claimants and the significant expense of defending even a winning copyright case, and allow themselves to be silenced rather than facing the expense and risk of vindicating their speech in courts.

The notice-and-takedown process is supposed to balance the interests of rightsholders, online platforms, and the general public, and transparency reports are an important mechanism to verify that's happening. The numbers paint a troubling picture. Across the Web, we've seen report after report that the number of takedown notices sent to online services is skyrocketing. These three latest transparency reports support that notion, with Twitter in particular reporting a nearly 40% increase in just six months.

Taken together with the number of bogus takedowns and the rarity of counter-notices, it's clear that the task of defending free speech is increasingly falling on online services. The notice-and-takedown system unfortunately provides yet another example of how aggressive mechanisms of copyright enforcement are abused to censor legitimate content. We applaud those service providers who stand up to this abuse on behalf of their users.

from the automattic-wins-the-internet dept

Via Parker Higgins we learn that Automattic (better known as the Wordpress people) have added singer Janet Jackson to their "Hall of Shame" for sending totally bogus takedowns. Apparently, her people made the wacky claim that this post on "what would your WWE smackdown name be?" represented trademark infringement. It doesn't. The only place it even mentions Jackson is in showing a picture of Sacha Baron Cohen with the following explanation:

The other takedown is equally problematic. It claims the following image is copyright infringement:

As you can clearly see that's using a photo of Jackson's famous "wardrobe malfunction" from the Superbowl many years ago, and applying the Things Tim Howard Could Save meme to it. Marginally funny. But not copyright infringement. Not only does Jackson not hold the copyright on that image, it's obvious fair use for whoever does hold the copyright.

Still, Automattic's lawyers had some fun with their response, noting that they "tried to use as many Janet Jackson song titles as possible" in the response (while also noting they hope that doesn't lead to another takedown demand):

It seems like you believe the use of the trademark “Janet Jackson” is reserved all for you, but we were hoping you’d be open to some feedback because your attempt to control every use of the mark is pretty nasty. If you read up on nominative use, you’ll discover that it doesn’t really matter that “Janet Jackson” is used on this site. If you believe there are any other alleged infringements, would you mind submitting a notice again via our trademark form?

from the a-fool-for-a-client dept

What's that saying about a lawyer who represents himself? Yes, well, consider the case of lawyer Jeffrey Wilens, representing himself pro se, in a "trademark" lawsuit filed against Automattic, the company better known for WordPress, the content management system/hosting service that a large percentage of the internet now uses. Wilens appears to have someone who doesn't like him very much, who set up a bunch of websites using Wilens' name and the name of his legal practice, Lakeshore Law Center. Wilens is claiming that this is trademark infringement, based on a trademark on his name and the name of his law practice. Even if he were just going after whoever made the page, this would be a massive long shot. As we've covered for years, so-called "gripe sites" are not considered trademark infringement. There's no likelihood of confusion, they're almost never commercials, and shutting them down would often violate the First Amendment. But Wilens is pointing his legal guns not just at whoever made the site, but also at Automattic for allowing the site to be created and hosting it (he also sued Google, but recently dismissed the company from the case).

Automattic has sought to dismiss the case, which is scheduled to go to trial shortly, pointing out that there simply is no legitimate trademark claim against Automattic at all. The filing is worth reading as it lays out, quite clearly, why this case is a joke. There is no trademark infringement in the first place, and even if there was, it wouldn't be on Automattic. It cites numerous cases that have shown that gripes sites are not trademark infringement and that registrars are not liable if someone registers a trademarked name. It also highlights how there's clearly no direct trademark infringement, and Wilens doesn't allege secondary (contributory) trademark infringement, and even if he did, it still wouldn't be applicable.

Wilens hit back with a somewhat amusing reply, insisting that all of the caselaw that goes against him is "different" because he's pretty damn sure that whoever is making these sites is a competitor, and thus, it must be trademark infringement:

Defendants insist the offending websites are just criticism or “gripe” websites
which are not covered by trademark law. But we don’t know that. It is quite possible
that Doe No. 1 is a competitor of Plaintiff or acting on behalf of a competitor and not a
former client. The FAC alleges Doe No. 1 created the websites to divert search engine
traffic by clients and potential clients of Plaintiff from Plaintiff’s websites to the websites
controlled by Doe No. 1.... Until Doe No. 1’s identity can be uncovered,
and he is shown not to be a competitor, this allegations stands.

Of course, as we've discussed elsewhere, in many courts, the burden is quite the opposite. First you have to prove that a violation of the law occurred before you get to uncover the anonymous person. Even so, Wilens seems to be basing his claims on a whole bunch of hypotheticals and "maybe possiblys":

Defendants may argue
the websites do not seem to contain any links to Doe’s own website, but it is possible
that Doe reaches out to visitors by email or through the blogs’ message boards. There is
a comments features to these websites. While public comments seem to be disabled that
does not mean there have been no private communications. Before Plaintiff is allowed
to conduct discovery, there is no way to know what communications have gone on
between visitors and Doe No. 1, although Defendants may be in possession of that
information.

However, as Automattic then notes in its reply, Wilens still seems to be totally misreading the case law -- and completely changing his story. While he now insists that it could be trademark infringement because it was done by a competitor, earlier in the lawsuit, he insisted that it was a former client:

Mr. Wilens has previously represented to this Court, under penalty of perjury, that he believes the
websites to have been posted by the defendant in a lawsuit in which he was counsel for the plaintiff:
“There are a few former defendants I suspect might be the anonymous poster on the website, course, but
I am not going to name Doe without some supporting evidence. I have approached counsel for some of
the suspects but none of their clients would come forward and admit they are the anonymous poster.”
.... It is curious, to say the least, for Mr. Wilens to make a legal
argument in a signed pleading based on the premise that Doe No. 1 might be a competitor, where he has
sworn that he does not believe that to be the case.

Curious indeed.

Even worse, he seems to be switching the basis of his trademark infringement claim mid-stream. As noted above, in the original filing, Wilens only alleges direct trademark infringement. But in his response, he more or less admits that's not true here and now alleges secondary trademark infringement (even though Automattic's original response had already explained how that wasn't possible here):

Plaintiff appears to concede that the Amended Complaint does not adequately plead a claim for
direct trademark infringement against Automattic. Opp. at 5-6. He argues now that the Amended
Complaint contains facts that would support a claim for contributory trademark infringement. Id. The
Amended Complaint does not mention any claim for contributory trademark infringement, but assuming
that one is identified in the complaint, there can be no contributory trademark infringement claim against
Automattic based on a user’s choice of a website name.

This really does seem like yet another case of "someone is doing something on the internet that I don't like, therefore it must be illegal!" Hopefully the court decides to explain that's not quite how the law works to Mr. Wilens by dismissing the case before it even needs to go to trial.